Review Questions Chapter 7
We have home security alarms that are set with instructions to go off when a thief enters the home. The same mechanism is incorporated in an IDPS.
When an IDPS reports a threat that did not exist in reality, we call it a false positive. On the other hand, the least desirable alarm is the false negative, which occurs when a threat is present but the IDPS does not recognize and report it.
These two differ in the range of their responsibility, i.e., a network-based IDPS protects a network while a host-based IDPS secures a specific device or host.
A signature-based IDPS is fed with the identification of specific threats, while a behavior-based IDPS has specifications of threats; it observes the threats and responds in accordance with the specifications.
SPAN replicates data from a network switch. It is used as a storage device for an IDPS.
An IDPS has different strategies for its control mechanisms, including fully distributed, partially distributed, and centralized control strategies.
When different honeypots are working together in a network to secure a system, it is referred to as a honeypot. A honeypot diverts threats that were directed at the network towards itself.
When a honeypot is suspected to be less secure, it is improved and then called a padded cell system.
Footprinting is done to get information about the domains owned by an organization on the internet. Fingerprinting is the next level of footprinting, which also gathers information about the resources utilized by an organization that has already been footprinted.
Internet service providers do not consider themselves responsible for external attacks that are performed via port scanning techniques. Therefore, organizations ban it to secure themselves from threats.
Customers might want to carry out attacks by port scanning. This is why ISPs might ban it.
An open port is used by different services at the port, including accepting traffic through TCP. Ports should be configured so that they are ready to identify external threats.
Vulnerability scanners keep a check on open ports and assess their vulnerability to external threats. They are used to improve security, as they identify poorly prepared ports.
Active vulnerability scanners can initiate network traffic, while passive ones cannot.
In each network, packets travel all around. A packet sniffer can be used to monitor these packets.
A wireless security toolkit must be able to manage the confidentiality and privacy of the wireless network.
Biometrics comes from the biological aspects of a human; it means measuring the physical characteristics of human beings. Physical aspects such as retina scans or fingerprints are used in security clearance processes.
The retina scan is considered one of the most reliable biometric recognition tools.
The false reject rate is the rate at which authentic users are denied access, while the false accept rate is the rate at which non-authentic users are granted access and identified as authentic. Both of these measures are used in the crossover error rate to configure system sensitivity.
Signatures are the most widely accepted biometric authorization technology in the world, in my opinion. They are widely accepted due to ease of availability.
Any biometric recognition that can most effectively differentiate between human physical attributes would be the most effective. At present, the iris is considered the most effective biometric authentication technology.
Book: Whitman, M. and Mattord, H. (2011). Principles of Information Security, 4th Edition. Independence, KY: Cengage Learning.
What are the three basic control strategies?
The three commonly utilized control strategies are centralized, partially distributed, and fully distributed.
What are the IDPS control strategies?
IDPS control strategies include the centralized, fully distributed, and partially distributed control strategies, which are different methods of deployment. In all circumstances, designers have to select a deployment strategy based on a careful analysis of IT infrastructure requirements.
In which IDPS control strategy are all IDPS control functions implemented and managed in a central location?
With a centralized IDPS control strategy, all IDPS control functions are implemented and managed in a central location. A fully distributed IDPS control strategy is the opposite of the centralized strategy.
What common security system is an IDPS most like? In what ways are these systems similar?
An IDS (Intrusion Detection System) works like a burglar alarm in that it detects a violation of its configuration and activates an alarm. This alarm can be audible and/or visual, or it can be silent.